diff --git a/base/server/src/main/java/com/netscape/cmscore/session/LDAPSecurityDomainSessionTable.java b/base/server/src/main/java/com/netscape/cmscore/session/LDAPSecurityDomainSessionTable.java
index 178382360ef..fa03c99dbf0 100644
--- a/base/server/src/main/java/com/netscape/cmscore/session/LDAPSecurityDomainSessionTable.java
+++ b/base/server/src/main/java/com/netscape/cmscore/session/LDAPSecurityDomainSessionTable.java
@@ -31,6 +31,7 @@
 import com.netscape.cmscore.ldapconn.LDAPConfig;
 import com.netscape.cmscore.ldapconn.LdapBoundConnFactory;
 import com.netscape.cmscore.ldapconn.PKISocketConfig;
+import com.netscape.cmsutil.ldap.LDAPUtil;
 
 import netscape.ldap.LDAPAttribute;
 import netscape.ldap.LDAPAttributeSet;
@@ -179,7 +180,11 @@ public boolean sessionExists(String sessionId) throws Exception {
         try {
             String basedn = ldapConfig.getBaseDN();
             String sessionsdn = "ou=sessions,ou=Security Domain," + basedn;
-            String filter = "(cn=" + sessionId + ")";
+
+            // CVE-2023-4727
+            // escape session ID in LDAP search filter
+            String filter = "(cn=" + LDAPUtil.escapeFilter(sessionId) + ")";
+
             String[] attrs = { "cn" };
 
             conn = mLdapConnFactory.getConn();
@@ -262,7 +267,11 @@ private String getStringValue(String sessionId, String attr) throws Exception {
         try {
             String basedn = ldapConfig.getBaseDN();
             String sessionsdn = "ou=sessions,ou=Security Domain," + basedn;
-            String filter = "(cn=" + sessionId + ")";
+
+            // CVE-2023-4727
+            // escape session ID in LDAP search filter
+            String filter = "(cn=" + LDAPUtil.escapeFilter(sessionId) + ")";
+
             String[] attrs = { attr };
 
             conn = mLdapConnFactory.getConn();