AnsweredAssumed Answered

qualys reports vulnerability still exists even after the fix is applied

Question asked by lee wang on Nov 26, 2019
Latest reply on Nov 28, 2019 by Rizwan Bedekar

We are investigating on the qualys report of weblogic vulnerabilities , however we are struggling to understand how Qualys cloud engine actually works. For example, QID 87333, Patch ID checked: weblogic server 12.2.1.3 - 27342434 and 27441341. As instructed by oracle support website , 27342434 has been superseded and replaced another patch 29814665, later on 29814665 has conflicts with patch 30028126, so we end up applying the latest patch 30028126. But Qualys still flags that the vulnerabilities ( QID 87333)is not fixed. Can anybody shed some light how qualys cloud engine handles  superseded patches. Thanks.

Outcomes