Comparison Overview

Brentwood Travel

VS

FCM Travel UK

Brentwood Travel

1022 Executive Parkway Dr, St Louis, Missouri, 63141, US
Last Update: 2025-03-06 (UTC)
Between 900 and 1000
http://www.brentwoodtravel.com

Excellent

Brentwood Travel has been a part of the St. Louis travel industry since 1957, when Robert and Ruth Lurie founded the company. They worked with a dedication to bringing the best travel experience possible to St. Louis and abroad. Our current President and CEO, and daughter of the founders, Stephanie Turner joined the company in 1973 and is prominent in the travel industry. As a member of many industry boards and advisory groups, she is able to provide our agents with constant knowledge and experience. From leisure, corporate, group, and incentive, we can arrange the finest travel services possible. Brentwood Travel has a reputation as a stellar travel agency and we are confident that you will be impressed by our knowledge and customer service.

NAICS: 561
NAICS Definition:
Employees: 23
Subsidiaries: 0
12-month incidents
0
Known data breaches
0
Attack type number
0

FCM Travel UK

120 The Broadway Wimbledon, London SW19 1RH, GB
Last Update: 2025-05-06 (UTC)

Excellent

Between 900 and 1000
http://www.fcmtravel.co.uk

Welcome to FCM, the alternative corporate travel company. What makes us the alternative? We make business travel a pleasure. Donโ€šร„รดt just โ€šร„รฒget thereโ€šร„รด. Connect globally. Think differently. Travel better. Give yourself the flexibility to do corporate travel on your own terms. Weโ€šร„รดre here for a purpose โ€šร„รฌ to transform business travel. Our modern user platform, combined with the best customer service in the industry, keeps you moving swiftly and with ease. From enhanced traveller experiences, to saving strategies, spend control, data visibility and more โ€šร„รฌ weโ€šร„รดre here to help you travel differently. And by differently, we mean better.

NAICS: 5615
NAICS Definition: Travel Arrangement and Reservation Services
Employees: 10,001+
Subsidiaries: 0
12-month incidents
0
Known data breaches
0
Attack type number
0

Compliance Badges Comparison

Security & Compliance Standards Overview

https://images.rankiteo.com/companyimages/brentwoodtravel-stl.jpeg
Brentwood Travel
โ€”
ISO 27001
Not verified
โ€”
SOC 2
Not verified
โ€”
GDPR
No public badge
โ€”
PCI DSS
No public badge
https://images.rankiteo.com/companyimages/fcm-travel-solutions-uk.jpeg
FCM Travel UK
โ€”
ISO 27001
Not verified
โ€”
SOC 2
Not verified
โ€”
GDPR
No public badge
โ€”
PCI DSS
No public badge
Compliance Summary
Brentwood Travel
100%
Compliance Rate
0/4 Standards Verified
FCM Travel UK
0%
Compliance Rate
0/4 Standards Verified

Benchmark & Cyber Underwriting Signals

Incidents vs Travel Arrangements Industry Average (This Year)

No incidents recorded for Brentwood Travel in 2025.

Incidents vs Travel Arrangements Industry Average (This Year)

No incidents recorded for FCM Travel UK in 2025.

Incident History โ€” Brentwood Travel (X = Date, Y = Severity)

Brentwood Travel cyber incidents detection timeline including parent company and subsidiaries

Incident History โ€” FCM Travel UK (X = Date, Y = Severity)

FCM Travel UK cyber incidents detection timeline including parent company and subsidiaries

Notable Incidents

Last 3 Security & Risk Events by Company

https://images.rankiteo.com/companyimages/brentwoodtravel-stl.jpeg
Brentwood Travel
Incidents

No Incident

https://images.rankiteo.com/companyimages/fcm-travel-solutions-uk.jpeg
FCM Travel UK
Incidents

No Incident

FAQ

Both Brentwood Travel company and FCM Travel UK company demonstrate a comparable AI risk posture, with strong governance and monitoring frameworks in place.

Historically, FCM Travel UK company has disclosed a higher number of cyber incidents compared to Brentwood Travel company.

In the current year, FCM Travel UK company and Brentwood Travel company have not reported any cyber incidents.

Neither FCM Travel UK company nor Brentwood Travel company has reported experiencing a ransomware attack publicly.

Neither FCM Travel UK company nor Brentwood Travel company has reported experiencing a data breach publicly.

Neither FCM Travel UK company nor Brentwood Travel company has reported experiencing targeted cyberattacks publicly.

Neither Brentwood Travel company nor FCM Travel UK company has reported experiencing or disclosing vulnerabilities publicly.

Neither Brentwood Travel company nor FCM Travel UK company has publicly disclosed detailed information about the number of their subsidiaries.

Brentwood Travel company employs more people globally than FCM Travel UK company, reflecting its scale as a Travel Arrangements.

Latest Global CVEs (Not Company-Specific)

Description

Better Auth is an authentication and authorization library for TypeScript. In versions prior to 1.3.26, unauthenticated attackers can create or modify API keys for any user by passing that user's id in the request body to the `api/auth/api-key/create` route. `session?.user ?? (authRequired ? null : { id: ctx.body.userId })`. When no session exists but `userId` is present in the request body, `authRequired` becomes false and the user object is set to the attacker-controlled ID. Server-only field validation only executes when `authRequired` is true (lines 280-295), allowing attackers to set privileged fields. No additional authentication occurs before the database operation, so the malicious payload is accepted. The same pattern exists in the update endpoint. This is a critical authentication bypass enabling full an unauthenticated attacker can generate an API key for any user and immediately gain complete authenticated access. This allows the attacker to perform any action as the victim user using the api key, potentially compromise the user data and the application depending on the victim's privileges. Version 1.3.26 contains a patch for the issue.

Published
Date
2025-10-09
Updated
Date
2025-10-09
Risk Information
cvss4
Base: 9.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Allstar is a GitHub App to set and enforce security policies. In versions prior to 4.5, a vulnerability in Allstarโ€™s Reviewbot component caused inbound webhook requests to be validated against a hard-coded, shared secret. The value used for the secret token was compiled into the Allstar binary and could not be configured at runtime. In practice, this meant that every deployment using Reviewbot would validate requests with the same secret unless the operator modified source code and rebuilt the component - an expectation that is not documented and is easy to miss. All Allstar releases prior to v4.5 that include the Reviewbot code path are affected. Deployments on v4.5 and later are not affected. Those who have not enabled or exposed the Reviewbot endpoint are not exposed to this issue.

Published
Date
2025-10-09
Updated
Date
2025-10-09
Risk Information
cvss4
Base: 4.6
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Multiple cross-site scripting (XSS) vulnerabilities with Calendar events in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 update 35 through update 92, and 7.3 update 25 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a userโ€™s (1) First Name, (2) Middle Name or (3) Last Name text field.

Published
Date
2025-10-09
Updated
Date
2025-10-09
Risk Information
cvss4
Base: 4.8
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the `associate_by_email` pipeline was not included. This could lead to account compromise when a third-party authentication service does not validate provided e-mail addresses or doesn't require unique e-mail addresses. Version 5.6.0 contains a patch. As a workaround, review the authentication service policy on e-mail addresses; many will not allow exploiting this vulnerability.

Published
Date
2025-10-09
Updated
Date
2025-10-09
Risk Information
cvss4
Base: 6.3
Severity: HIGH
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Confidential Containers's Trustee project contains tools and components for attesting confidential guests and providing secrets to them. In versions prior to 0.15.0, the attestation-policy endpoint didn't check if the kbs-client submitting the request was actually authenticated (had the right key). This allowed any kbs-client to actually change the attestation policy. Version 0.15.0 fixes the issue.

Published
Date
2025-10-09
Updated
Date
2025-10-09
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References