Changes in This Release for Oracle Database Security Assessment Tool
The Oracle Database Security Assessment Tool 4.2 (March 2026) release has been updated to detect CVEs from the latest Critical Patch Update for Oracle Database versions 19c, 21c, and 26ai.
The Oracle Database Security Assessment Tool supports Oracle AI Database 26ai and Oracle Autonomous AI Databases.
- Updated sections/checks:
INFO.PATCH: Enhanced with CVE detection for comprehensive vulnerability assessment.
- General:
-
Secure Authentication: Oracle recommends that you use a secure method to run the Oracle Database Security Assessment Tool (DBSAT), and avoid entering the authentication password on the command line. DBSAT now issues a warning message to encourage secure authentication.
The command-line password based authentication method is now deprecated and will be desupported in a future release.
-
Oracle JRE Requirement: Oracle Java Runtime Environment (Oracle JRE) 17 (Oracle JDK 17) is now the minimum prerequisite.
-
Best Practices Terminology: "Oracle Best Practices (OBP)" findings are now labeled "Oracle Recommended Practices (ORP)".
-
Downloading and Installing Oracle Database Security Assessment Tool
-
To download the Oracle Database Security Assessment Tool, visit oracle.com, and click the Download DBSAT link. Alternatively, go to My Oracle Support Doc ID 2138254.1.
-
See Installing the Database Security Assessment Tool for information about completing the installation of Database Security Assessment Tool.
Oracle Database Security Assessment Tool Release Notes, Release 4.2
G50298-01
Primary Authors: Ramya P, Prakash Jashnani, Jim Womack
Contributors: Anant Bhasu, Abhinav Singh, Gopal Mulagund, Pedro Lopes, Shyamsundar KG, Vivek PV