Work the system and treat the boss just like you would handle a system bug or limitation.
Step 1: Get it into your official procedure, to do some kind of acceptance test or quality checks for software delivered by 3rd parties. This can often be done innocently and disguised as a formality.
Step 2: Improve the acceptance test procedure so that the pieces of garbage with security holes will fail. Here, make sure the improved tests become official and rubber stamped.
Step 3: When at delivery the tests fail, raise a critical ticket with the delivering company. This works best if you managed in step 2 to make the test part of the acceptance. Now people will start to feel the pain, because a failed acceptance and a piece of software marked as "Not Ready for Deployment" will have commercial impacts. People will curse and try to force it through.
Step 4: While the shit is flying your way, make sure you stay reasonable, helpful and stick very closely to the official company procedures. Get acquainted with the QC department and ISO-whatever proceedings. Don't be controversial, never bad-mouth anyone. At the same time, document your cases, print out the mails where people attach your message to their replies.
Step 5: The software will be rolled out no matter what you said, but now you have proper documentation of how your boss and the marketing department bend and break the holy official rules nobody wants to keep.
Step 6: Various outcomes
a: People in marketing hate your guts now and avoid you as much as they can because you're branded as difficult. Problem solved for you.
b: They want you to do it again next month. Chances are that the delivering organisation learned that releases are smoother if the software doesn't fail the test devised by that crazy lunatic in software engineering (this means you). A slow increase of security will ensue.
Step 7: Somewhere down the road there's a big chance the company will get into trouble because of their faulty software. Make sure the people investigating that get access to your documentation.